Systems and software engineering -- Lifecycle profiles for Very Small Entities (VSEs)

This document defines the process assessment guidelines needed to meet the purpose of defined VSE profiles. It is applicable to all VSE profiles and is compatible with ISO/IEC 33002. The possible uses of this document are as follows. a) Assessment to evaluate the process capabilities. Use when an organization wants an assessment of profile conformance (basic, etc.) of the implemented processes. b) Supplier's capability assessment. Use when a customer asks for a third party to conduct an assessment in order to obtain a profile (basic, etc.) of the implemented process by the system or software development and maintenance supplier.

Ingénierie des systèmes et du logiciel -- Profils de cycle de vie pour très petits organismes (TPO)

General Information

Status
Published
Publication Date
13-Apr-2020
Current Stage
6060 - International Standard published
Start Date
23-Mar-2020
Completion Date
14-Apr-2020
Ref Project

RELATIONS

Buy Standard

Technical report
ISO/IEC TR 29110-3-1:2020 - Systems and software engineering -- Lifecycle profiles for Very Small Entities (VSEs)
English language
99 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

TECHNICAL ISO/IEC TR
REPORT 29110-3-1
Second edition
2020-04
Systems and software engineering —
Lifecycle profiles for Very Small
Entities (VSEs) —
Part 3-1:
Process assessment guidelines
Reference number
ISO/IEC TR 29110-3-1:2020(E)
ISO/IEC 2020
---------------------- Page: 1 ----------------------
ISO/IEC TR 29110-3-1:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC TR 29110-3-1:2020(E)
Contents Page

Foreword ........................................................................................................................................................................................................................................iv

Introduction ................................................................................................................................................................................................................................vi

1 Scope ................................................................................................................................................................................................................................. 1

1.1 Fields of application ........................................................................................................................................................................... 1

1.2 Target audience ...................................................................................................................................................................................... 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 Abbreviated terms .............................................................................................................................................................................................. 2

5 Process assessment framework ........................................................................................................................................................... 3

6 VSE process assessment ................................................................................................................................................................................ 4

6.1 Performing an assessment ............................................................................................................................................................ 4

6.1.1 General...................................................................................................................................................................................... 4

6.1.2 Assessment inputs .......................................................................................................................................................... 5

6.1.3 Roles and responsibilities ........................................................................................................................................ 5

6.1.4 The assessment process ............................................................................................................................................ 5

6.2 Use of the assessment results .................................................................................................................................................... 6

6.3 Achievement of a VSE profile ...................................................................................................................................................... 6

6.4 Application of process assessment models .................................................................................................................... 6

Annex A (informative) Measurement framework for the assessment of process capability

and VSE profiles ..................................................................................................................................................................................................... 8

Annex B (informative) Examplar software life cycle process assessment model for Very

Small Entities.........................................................................................................................................................................................................21

Annex C (informative) Examplar system life cycle process assessment model for Very Small

Entities .........................................................................................................................................................................................................................68

Bibliography .............................................................................................................................................................................................................................99

© ISO/IEC 2020 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC TR 29110-3-1:2020(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that

are members of ISO or IEC participate in the development of International Standards through

technical committees established by the respective organization to deal with particular fields of

technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other

international organizations, governmental and non-governmental, in liaison with ISO and IEC, also

take part in the work.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for

the different types of document should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject

of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent

rights. Details of any patent rights identified during the development of the document will be in the

Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC

list of patent declarations received (see http:// patents .iec .ch).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/

iso/ foreword .html.

This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,

Subcommittee SC 7, Software and systems engineering.

This second edition cancels and replaces the first edition (ISO/IEC/TR 29110-3-1:2015), which has been

technically revised.
The main changes compared to the previous edition are as follows:

— Annex A has been reworked and split to distinguish measurement framework and exemplar process

assessment model; exemplar process assessment model for system life cycle processes has been added;

— main concepts for VSE profiles, i.e. maturity levels and process capability levels, have been added;

— structure of the process assessment model has been reworked and mapped to VSE profiles and

processes dimensions;
— process assessment indicators description has been reworked;

— software project management and software implementation process base practices indicators

and work product characteristics have been aligned with the latest editions of ISO/IEC 29110-4-1,

ISO/IEC/TR 29110-5-1-2 and ISO/IEC/TR 29110-5-2-1;

— software process performance indicators for organizational profile group have been added;

— software process capability levels and process attributes indicators (PA.1 to PA.4) have been added;

— rules to derive VSE profiles from process capability levels have been added;

— subclauses on conformity of the exemplar process assessment model have been added.

A list of all parts in the ISO/IEC 29110 series can be found on the ISO website.
iv © ISO/IEC 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC TR 29110-3-1:2020(E)

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO/IEC 2020 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/IEC TR 29110-3-1:2020(E)
Introduction

Very Small Entities (VSEs) around the world are creating valuable products and services. For the

purpose of the ISO/IEC 29110 series, a Very Small Entity (VSE) is an enterprise, an organization, a

department or a project having up to 25 people. Since many VSEs develop and/or maintain system

and software components used in systems, either as independent products or incorporated in larger

systems, recognition of VSEs as suppliers of high quality products is required.

According to the Organization for Economic Co-operation and Development (OECD) SME and

Entrepreneurship Outlook 2019 report, ‘Small and medium-sized enterprises (SMEs) and

entrepreneurship are essential drivers of economic and social well-being. Representing 99 % of all

businesses, generating about 60 % of employment and totalling between 50 % and 60 % of value added

in the OECD area’. The challenge facing OECD governments is to provide a business environment that

supports the competitiveness of this large heterogeneous business population and that promotes a

vibrant entrepreneurial culture.

From studies and surveys conducted, it is clear that the majority of International Standards do not

address the needs of VSEs. Implementation of and conformance with these standards is difficult, if not

impossible. Consequently, VSEs have no, or very limited, ways to be recognized as entities that produce

quality systems/system elements, including software in their domain. Therefore, VSEs are excluded

from some economic activities.

It has been found that VSEs find it difficult to relate International Standards to their business needs

and to justify the effort required to apply standards to their business practices. Most VSEs can neither

afford the resources, in terms of number of employees, expertise, budget and time, nor do they see a

net benefit in establishing over-complex systems or software life cycle processes. To address some of

these difficulties, a set of guides has been developed based on a set of VSE characteristics. The guides

are based on subsets of appropriate standards processes, activities, tasks, and outcomes, referred to as

profiles. The purpose of a profile is to define a subset of International Standards relevant to the VSEs'

context; for example, processes, activities, tasks, and outcomes of ISO/IEC/IEEE 12207 for software;

processes, activities, tasks, and outcomes of ISO/IEC/IEEE 15288 for systems; information products

(documentation) of ISO/IEC/IEEE 15289 for software and systems.

VSEs can achieve recognition through implementing a profile and by being audited against

ISO/IEC 29110 specifications.

The ISO/IEC 29110 series of standards and technical reports can be applied at any phase of system or

software development within a life cycle. This series is intended to be used by VSEs that do not have

experience or expertise in adapting/tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 standards

to the needs of a specific project. VSEs that have expertise in adapting/tailoring ISO/IEC/IEEE 12207 or

ISO/IEC/IEEE 15288 are encouraged to use those standards instead of the ISO/IEC 29110 series.

The ISO/IEC 29110 series is intended to be used with any lifecycle such as waterfall, iterative,

incremental, evolutionary or agile.

Systems, in the context of the ISO/IEC 29110 series, are typically composed of hardware and software

components.

The ISO/IEC 29110 series, targeted by audience, has been developed to improve system or software

and/or service quality, and process performance. See Table 1.
vi © ISO/IEC 2020 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/IEC TR 29110-3-1:2020(E)
Table 1 — ISO/IEC 29110 target audience
ISO/IEC 29110 Title Target audience
ISO/IEC/TR 29110-1 Overview VSEs and their customers, assessors,
standards producers, tool vendors and
methodology vendors.
ISO/IEC 29110-2 Framework for profile prepa- Profile producers, tool vendors and
ration methodology vendors.
Not intended for VSEs.

ISO/IEC 29110-3 Certification and assessment VSEs and their customers, assessors,

guidance accreditation bodies.
ISO/IEC 29110-4 Profile specifications VSEs, customers, standards producers,
tool vendors and methodology vendors.
ISO/IEC/TR 29110-5 Management, engineering and VSEs and their customers.
service delivery guides
ISO/IEC 29110-6 Management and engineering VSEs and their customers.
guides not tied to a specific
profile
ISO/IEC/TR 29110-7 Specific profile guidelines VSEs and their customers.

If a new profile is needed, ISO/IEC 29110-4 and ISO/IEC/TR 29110-5 and ISO/IEC 29110-6 and or

ISO/IEC/TR 29110-7 ISO/IEC/TR 29110-5 can be developed with minimal impact to existing documents.

ISO/IEC/TR 29110-1 defines the terms common to the ISO/IEC 29110 series. It introduces processes,

lifecycle and standardization concepts, the taxonomy (catalogue) of ISO/IEC 29110 profiles and

the ISO/IEC 29110 series. It also introduces the characteristics and needs of a VSE, and clarifies the

rationale for specific profiles, documents, standards and guides.

ISO/IEC 29110-2 introduces the concepts for systems and software engineering profiles for VSEs. It

establishes the logic behind the definition and application of profiles. For standardized profiles, it

specifies the elements common to all profiles (structure, requirements, conformance, assessment). For

domain-specific profiles (profiles that are not standardized and developed outside of the ISO process),

it provides general guidance adapted from the definition of standardized profiles.

ISO/IEC 29110-3 defines certification schemes, assessment guidelines and compliance requirements

for process capability assessment, conformity assessments, and self-assessments for process

improvements. ISO/IEC 29110-3 also contains information that can be useful to developers of

certification and assessment methods and developers of certification and assessment tools.

ISO/IEC 29110-3 is addressed to people who have direct involvement with the assessment process, e.g.

the auditor, certification and accreditation bodies and the sponsor of the audit, who need guidance on

ensuring that the requirements for performing an audit have been met.

ISO/IEC 29110-4-m provides the specification for all profiles in one profile group that are based on

subsets of appropriate standards elements.

ISO/IEC/TR 29110-5-m-n provides management, engineering and service delivery guides for the

profiles in a profile group.

ISO/IEC 29110-6-m provides the specification for specific profiles that are based on subsets of

appropriate standards elements.

ISO/IEC/TR 29110-7-x provides a guide for each profile in the specific profile group.

This document defines the process assessment guidelines needed to meet the purpose of defined VSE

profiles. It is applicable to all VSE profiles and is compatible with ISO/IEC 33002.

© ISO/IEC 2020 – All rights reserved vii
---------------------- Page: 7 ----------------------
ISO/IEC TR 29110-3-1:2020(E)

Figure 1 describes the ISO/IEC 29110 series of International Standards (IS) and Technical Reports (TR)

and positions the parts within the framework of reference. Overview, assessment guide, management

and engineering guide are available from ISO as freely available Technical Reports (TR). The Framework

document, profile specifications and certification schemes are published as International Standards (IS).

Figure 1 — The ISO/IEC 29110 series
viii © ISO/IEC 2020 – All rights reserved
---------------------- Page: 8 ----------------------
TECHNICAL REPORT ISO/IEC TR 29110-3-1:2020(E)
Systems and software engineering — Lifecycle profiles for
Very Small Entities (VSEs) —
Part 3-1:
Process assessment guidelines
1 Scope
1.1 Fields of application

This document defines the process assessment guidelines needed to meet the purpose of defined VSE

profiles. It is applicable to all VSE profiles and is compatible with ISO/IEC 33002.

The possible uses of this document are as follows.

a) Assessment to evaluate the process capabilities. Use when an organization wants an assessment of

profile conformance (basic, etc.) of the implemented processes.

b) Supplier's capability assessment. Use when a customer asks for a third party to conduct an

assessment in order to obtain a profile (basic, etc.) of the implemented process by the system or

software development and maintenance supplier.
1.2 Target audience

The target audience of this document is primarily those who perform or have direct relationship with

process assessments of VSEs. This document also contains information that can be useful to developers

of assessment methods and assessment tools and those requiring additional guidance on the assessmet

process.

This document is addressed to people who have a direct relation with the assessment process based on

the VSE profiles (e.g. the assessors and the sponsor of the assessment) who need guidance on ensuring

that the requirements for performing an assessment have been met.

It is intended that ISO/IEC/TR 29110-1 be read first when initially exploring VSE profile documents.

2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC/TR 29110-1, Systems and software engineering — Lifecycle profiles for Very Small Entities

(VSEs) — Part 1: Overview
3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC/TR 29110-1 and the

following apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at http:// www .iso .org/ obp
© ISO/IEC 2020 – All rights reserved 1
---------------------- Page: 9 ----------------------
ISO/IEC TR 29110-3-1:2020(E)
— IEC Electropedia: available at http:// www .electropedia .org/

NOTE In the ISO/IEC 29110 series, to minimize confusion about the term ‘basic’ that is used to mean different

ideas, the term ‘Basic’ with a capital B is used to refer to the Basic profile while the term ‘basic’ is used to mean

forming an essential foundation or starting point (e.g. basic types of work products).

3.1
process profile
set of process attribute ratings for an assessed process

Note 1 to entry: Within the ISO/IEC 29110 series, a profile is defined as “set of one or more base standards

and/or profiles and, where applicable, the identification of chosen classes, conforming subsets, option and

parameters of those base standard, or standardized profiles necessary to accomplish a particular function”

(ISO/IEC/TR 10000-1).

Note 2 to entry: When used unqualified in this document, this is the applicable definition.

[SOURCE: ISO/IEC 33001:2015, 3.2.18, modified — Note 1 to entry and Note 2 to entry have been added.]

3.2
process quality

ability of a process to satisfy stated and implied stakeholder needs when used in a specified context

[SOURCE: ISO/IEC 33001:2015, 3.4.8]
3.3
process quality level

representation of the achieved level of a process quality (3.2) characteristic derived from the process

attribute ratings for an assessed process

[SOURCE: ISO/IEC 33001:2015, 3.4.10, modified — "point on a scale of achievement" has been replaced

with "representation of the achieved level".]
3.4
target process profile

process profile (3.1) specifying which process attributes are required and the rating necessary for each

process attribute for a required process
[SOURCE: ISO/IEC 33001:2015, 3.2.20]
4 Abbreviated terms
BP base practice
OM organizational management
PA process attributes
PAM process assessment model
PMP process management process
PPM project portfolio management
PRM process reference model
RM resource management
VSE Very Small Entity
2 © ISO/IEC 2020 – All rights reserved
---------------------- Page: 10 ----------------------
ISO/IEC TR 29110-3-1:2020(E)
5 Process assessment framework

These guidelines apply to VSE process assessments. The assessment, as defined in this document, has

two purposes:

— To evaluate the process capability based on a two-dimensional assessment model containing a

process dimension and the process quality dimension. The process dimension refers to the processes

defined in each VSE profile which are provided by an external process reference model (PRM).

The process quality dimension consists of a Process measurement framework comprising process

quality levels, their associated process attributes, and the rating scale.

— To evaluate whether an organization fulfils the targeted VSE profile based on the evaluated

capabilities for the processes.

For an official recognition, the conformity assessments should be carried out following a process

assessment process satisfying the requirements of ISO/IEC 33002 and described in Clause 6. For self-

assessments emphasizing identification of process improvements, other approaches can be applied

(additional information can be found in other parts of ISO/IEC 29110 specifically dedicated to self-

assessment).

According to ISO/IEC 33001, a process assessment is “a disciplined evaluation of an organizational

unit’s processes against a process assessment model (PAM)”. In this context, the process assessment

model consists of a subset of process purposes and outcomes of a process reference model, and the

process attributes, quality levels and rating scale that are defined in the correspondent process

assessment model. A process reference model is, for instance, ISO/IEC/IEEE 12207 and the applicable

subset is defined in a Specification of a VSE profile, for instance, ISO/IEC 29110-4-1. The applied process

assessment model, always conformant to ISO/IEC 33002, has as its result represented as a set of

process attribute ratings, i.e. a process profile. Figure 2 illustrates the relevant documents and data for

a process applicable to VSE process assessment.

ISO/IEC 33002 sets out the minimum requirements for performing a process assessment that ensure

consistency and repeatability of the ratings. The requirements help to ensure that the process

assessment output is self-consistent and provides evidence to substantiate the ratings and to verify

conformance with the requirements.

Self-assessments are typically performed to identify process improvement opportunities or to check

current status of the organization’s performance. Self-assessments in VSEs are outside the scope of this

document.
© ISO/IEC 2020 – All rights reserved 3
---------------------- Page: 11 ----------------------
ISO/IEC TR 29110-3-1:2020(E)
Figure 2 — Elements of VSE process assessment
6 VSE process assessment
6.1 Performing an assessment
6.1.1 General

In performing a process assessment based on the ISO/IEC 29110 series, the requirements expressed

in ISO/IEC 33002 are intended to be satisfied in full. This clause provides additional guidance related

specifically to the process assessment in VSEs.

A process assessment is conducted according to a documented process that is capable of meeting

the process assessment purpose. The key elements of a documented assessment process are closely

tied to the requirements for performing an assessment, defined in ISO/IEC 33002. The documented

assessment process is the set of instructions for conducting the process assessment. A documented

assessment process addresses the following aspects of the conduct of a process assessment:

— incorporate as a minimum, the tasks defined in ISO/IEC 33002;

— identify the classes of process assessment for which the documented assessment process can

be applied and the nature and extent of tailoring associated with each class addressed by the

documented process;

— define the criteria for ensuring coverage for both the defined organizational scope and the defined

process scope for the assessment, in terms of the strategy for collecting and analysing data;

— identify or define the approach to be taken in performing the generation of process attribute ratings,

including (where applicable) the aggregation of observations and/or characterisations across the

elements of the assessment.
4 © ISO/IEC 2020 – All rights reserved
---------------------- Page: 12 ----------------------
ISO/IEC TR 29110-3-1:2020(E)
6.1.2 Assessment inputs

Process assessment inputs as specified in ISO/IEC 33002:2015, 4.4 are to be defined. In conducting

process assessments of VSEs based on ISO/IEC 29110-4-1, the following issues are expected.

— The process scope of the process assessment [ISO/IEC 33002:2015, 4.4 (d) (1, 2)] should be

determined by the target VSE profile specified for the process assessment.

— The organizational scope of the process assessment [ISO/IEC 33002:2015, 4.4 (d) (3)] should

typically be the entire VSE; however, where the VSE deploys a small number of clearly distinct

projects or functions, the scope can be limited to a single project or function.

— In defining the process assessment context [ISO/IEC 33002:2015, 4.4 (d) (4)], the process assessment

plan should take into account the VSE business and engineering context and be affordable for a VSE.

— In defining the process assessment constraints [ISO/IEC 33002:2015, 4.4 (g)], the specific nature of

the VSE should be explored to establish constraints on availability of resources or data that might

affect the reliability of the process assessment.
6.1.3 Roles and responsibilities

Typically, the process assessment team for VSE process assessment process consists of at least one

lead assessor or a lead assessor with other assessors. The assessors should be familiar with the VSE

characteristics.
6.1.4 The assessment process

The activities to be performed will be determined by the chosen documented assessment process

tailored as necessary. The documented process for the process assessment of a VSE should address all

of the required activities defined in ISO/IEC 33002:2015, 4.2.

Specific concerns of relevance to process assessment of VSEs include the following.

a) Plan the assessment

Typically, the schedule for process assessment of a VSE will need to take account of the availability

of key resources. The level of resources required for the process assessment should be determined

according to the resources available to the VSE.
b) Collect the data

The strategy for data collection should take account of the nature of the work performed within

the VSE and of the nature of the items of objective evidence that will typically be available. Often,

process assessments in VSEs rely heavily on testimony from performers of the processes; however,

to the best extent possible, the assessors should endeavour to obtain other supporting objective

evidence drawn from the VSE work products.
c) Validate the data

The key issue in data validation in process assessment of a VSE is ensuring that the data collected is

representative of the normal operations of the enterprise.
d) Derive results

In conducting process attribute rating, the assessors should focus on the extent to which the

evidence obtained addresses the processes and process attributes being rated. The requirement

for traceability between the rating and the evidence employed [ISO/IEC 33002:2015, 4.2.1 e) 1)] is

relevant here.
© ISO/IEC 2020 – All rights reserved 5
---------------------- Page: 13 ----------------------
ISO/IEC TR 29110-3-1:2020(E)
e) Report the assessment

The assessors should ensure that the report to the sponsor of the process assessment covers the

full scope of the VSE profile employed in the process assessment.
6.2 Use of the assessment results
The process assessment results can be used to:
a) evaluate the process quality levels of an organization;

b) determine the improvement opportunities, in order to enhance the organization’s ability to meet

its business goals by improving efficiency and quality
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.